-
Notifications
You must be signed in to change notification settings - Fork 168
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow different users into ES with kibana? #53
Comments
Sorry for the delayed response, I've been super busy this week. About the configuration exception, you need to wrap the wildcard strings in double quotes (sorry, crappy docs kills again). e.g. actions: ["cluster:*", "indices:data/read/*"] Tell me how it goes! 👍 |
@sscarduzio hello.my config is like this. name: dev (read only, but can create dashboards) if i append 'actions: ["cluster:", "indices:data/read/"]', i can not login with user dev. why? |
you forgot the star! it's |
@sscarduzio Actually,my config is |
About Logstash HTTP authhttps://www.elastic.co/guide/en/shield/current/logstash.html#ls-http-auth-basic About the conf problemNot sure what you wanted to do with the actions rule, but this should work for a kibana admin and a logstash reader. readonlyrest:
enable: true
response_if_req_forbidden: Sorry, your request is forbidden.
access_control_rules:
- name: RW Kibana
type: allow
kibana_access: rw
auth_key: admin:passwd3
- name: dev (read only, but can create dashboards) for logstash indices
type: allow
kibana_access: ro+
auth_key: dev:dev
indices:[".kibana*", "logstash*", "default"]
|
BTW good point about logstash, I added to the README example 2 |
Question 1: Question 2: you should debug by yourself first. |
Please see the updated, tested example 2. It needs the latest plugin version 1.9.3 (see download link in the README.md as well). IMPORTANT: read again the instruction, I included a note to this bug which was making my Kibana go in a code 401 loop: |
Hi,
I'm trying your plugin to add a layer of security into ES and divide each user to see his own data via kibana dashboard.
I installed the plugin and worked fine with the use case 2 configuration(kibana) then i wanted to restrict the single users with indices permissions so i used this configuration to test as admin user:
But it doesn't work, and on kibana dashboard i get
plugin:elasticsearch Authentication Exception
in the status page even if on the kibana .yml configuration i added :And on logstash(with authentication):
message=>"[401] Sorry, your request is forbidden."
Another "bug" i found is that using your use case 1 configuration won't start on ES unless you comment\delete this line:
actions: [cluster:*, indices:data/read/*]
My ACL configuration should be something like this:
User has permission to read/write only on his data(logstash-user-* and kibana)
Admin has permission everywhere
ES version: 2.3.1
Plugin: 1.9.1 for 2.3.1
The text was updated successfully, but these errors were encountered: